Podejrzenie wlamania, komp muli i net wooolno

lowel · 25 Listopad 2006 08:41

witam, mam podlaczone szybsze lacze, lecz zamiast przyspieszyc jest gorzej, wszytsko wolno sie laduje, skacza transfery i ping czasem niebotycznie duzy.

prosze o sprawdzenie loga:

Logfile of HijackThis v1.99.1 Scan saved at 09:32:16, on 2006-11-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE f:\Program Files\Eset\nod32krn.exe f:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINDOWS\system32\svchost.exe F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe F:\Program Files\Eset\nod32kui.exe C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe F:\Program Files\Mozilla Firefox\firefox.exe G:\instalki 03 2006\zabezpieczajace\HijackThis 1.99.1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - (no file) O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: (no name) - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - (no file) O3 - Toolbar: (no name) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - (no file) O3 - Toolbar: (no name) - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - (no file) O4 - HKLM…\Run: [CTSysVol] “f:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe” /r O4 - HKLM…\Run: [Outpost Firewall] f:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM…\Run: [OutpostFeedBack] f:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM…\Run: [Nod32kui] “f:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O8 - Extra context menu item: Download with GetRight Pro - F:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Pro Browser - F:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: -{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: -{644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip…{D3DED625-185A-4783-86F7-59B175AC172F}: NameServer = 192.168.1.1 O18 - Protocol: bw+0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {EE6FE934-5597-4D76-8956-DC477F3A6A1E} - f:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - F:\Program Files\cFosSpeed\spd.exe" -service (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - f:\Program Files\Eset\nod32krn.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - f:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Bieniol · 25 Listopad 2006 09:05

Użyj narzędzia -> SmitFraudFix (w trybie awaryjnym z opcji 2 )

Usuń Hijackiem te wpisy:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - (no file) O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: (no name) - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - (no file) O3 - Toolbar: (no name) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - (no file) O3 - Toolbar: (no name) - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - (no file) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)

Po zabiegach nowy log z Hijacka + log z Silent Runners + raport ze SmitFraufFix